Description
NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-10.
Published: 2026-03-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

The reported vulnerability is a NULL pointer dereference in MolotovCherry’s Android-ImageMagick7 library. When the library processes a specially crafted image, a pointer may be null at the point it is dereferenced, causing the application to crash. The primary threat is loss of availability, which can be triggered by supplying a malformed image during normal usage. The weakness corresponds to CWE‑476 (NULL Pointer Dereference).

Affected Systems

The flaw affects the Android-ImageMagick7 component distributed by MolotovCherry. Any installation of this library with a version earlier than 7.1.2‑10 is vulnerable, as the code paths responsible for image decoding are not protected against null pointer usage.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS value of less than 1% suggests low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. An attacker would need to deliver a malicious image to the application; thus the attack vector is likely local or remote with user interaction. Based on the description, it is inferred that the vulnerability can be triggered by providing a malformed image during normal library usage.

Generated by OpenCVE AI on March 26, 2026 at 20:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Android-ImageMagick7 to version 7.1.2‑10 or newer.
  • If upgrading is delayed, validate or sanitize image inputs before passing them to the library to avoid null pointer usage.
  • Monitor application logs for crashes and consider disabling the vulnerable functionality until a patch is applied.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:molotovcherry:android-imagemagick7:*:*:*:*:*:*:*:*

Tue, 24 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Molotovcherry
Molotovcherry android-imagemagick7
Vendors & Products Molotovcherry
Molotovcherry android-imagemagick7

Tue, 24 Mar 2026 06:15:00 +0000

Type Values Removed Values Added
Description NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-10.
Title NULL Pointer Dereference in MolotovCherry Android-ImageMagick7
Weaknesses CWE-476
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-03-24T14:15:25.078Z

Reserved: 2026-03-24T05:55:55.342Z

Link: CVE-2026-33853

Vulnrichment

Updated: 2026-03-24T14:15:21.445Z

NVD

Status: Analyzed

Published: 2026-03-24T06:16:22.517

Modified: 2026-03-26T19:31:07.700

Link: CVE-2026-33853

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:21:19Z

Weaknesses